Cyber Law at Guam (US)
Guam has established a comprehensive legal framework to address cybersecurity and data protection, primarily through the Notification of Breaches of Personal Information statute and the Electronic Data Protection Act of 2012. Here's an overview of the key provisions:
🔐 Notification of Breaches of Personal Information (9 GCA §§ 48.10–48.80)
This statute mandates that individuals or entities that own, license, or maintain computerized data containing personal information must disclose any breach of security affecting Guam residents Key provisions include:
Definition of Breach: Unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information, and causes or is reasonably believed to cause identity theft or fraud
Consumer Notice: Notification must be made without unreasonable delay, consistent with measures necessary to determine the scope of the breach and restore system integrity
Substitute Notice: If the cost of providing notice exceeds $10,000, the affected class exceeds 5,000 persons, or sufficient contact information is unavailable, substitute notice may be provided through email, conspicuous posting on the entity’s website, and notice to major Guam media
Delayed Notice: Notification may be delayed if a law enforcement agency determines that it will impede a criminal or civil investigation or national security
Penalties: Violations may result in civil penalties up to $150,000 per breach or series of similar breaches discovered in a single investigation
🏛️ Electronic Data Protection Act of 2012 (5 GCA §§ 14101–14105)
This act applies to government agencies and entities within Guam, focusing on the protection of electronic dat. Key provisions include:
Sanitization Mandates the removal of data from storage media to ensure it cannot be easily retrieved or reconstructed.
Review and Reporting Requires regular review and reporting of electronic data protection practice.
Procurement Process Establishes guidelines for the procurement of services related to electronic data protection.
🛡️ *Cybersecurity Initiatives
In addition to legislative measures, Guam has undertaken several initiatives to enhance cybersecurity:
*Cybersecurity Plan: In November 2023, Guam's cybersecurity plan was approved by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA), marking a significant step in managing and reducing cybersecurity risks impacting the territory.
*Marianas Cyber Security Working Group: Introduced by Bill 190-37, this group aims to foster island wide collaboration in addressing online issues and enhancing awareness of detected threats.
RELATED Blog
0 comments